
Possibly numerous infections

9 replies to this topic

#1 cloudhulse


  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 12:57 AM

On a work computer I've found these programs:


AppGraffiti, YourTemplateFinder, Inbox Ace Search, CouponAlert, Super Optimizer, Driver Restore, Mixxen, Extended Update, SlimCleaner Plus, and CA Pest Patrol


Anyone wanna touch this without any other info? I just came tonight for the first time and discovered these, along with countless other toolbars!


***BTW, is there a quick way to discover if a computer has antivirus or antimalware software installed?



UPDATE #1: All uninstalled easily, other than SlimCleaner Plus (SlimWare Utilities Inc) and CA Pest Patrol (Computer Assoc.). Who's got the right answer for removal?

Edited by cloudhulse, 03 February 2015 - 02:23 AM.



#2 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:06:06 AM

Posted 03 February 2015 - 03:19 AM

Step 1: Minitoolbox.
Please download MINITOOLBOX and run it.

Checkmark following boxes:

Flush DNS
Reset FF proxy Settings
Reset IE Proxy Settings
Report IE Proxy Settings
Report FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List Devices (problems only)

Click Go and post the result.

Step 2: Junkware Removal Tool.
Please download Junkware Removal Tool and save it on your desktop.

  • Shut down your anti-virus, anti-spyware, and firewall software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log is saved to your desktop and will automatically open.
  • Please post the JRT log.

Step 3: Adware Cleaner.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step 4: Adware Removal Tool.
Download Adware removal tool to your desktop, right click the icon and select Run as Administrator.


Hit Ok.


Hit Next; make sure to leave all items checked for removal.


The program will close all open programs to complete the removal, so save any work and hit OK. Then hit OK after the removal process is complete, then OK again to finish up. Post the log generated by the tool.

Step 5: Malwarebytes AntiRootkit
Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click the icon to start the tool.
  • It will ask you where to extract; make sure it is on the desktop.
  • Malwarebytes Anti-Rootkit needs to be run from an account with admin rights.
  • Click Next to continue.
  • Then click Update.
  • Once the update is finished, select Next, then Scan.
  • If no malware has been found, at the end of the scan select Exit.
  • If an infection was found, make sure to select all items and click Cleanup.
  • Reboot your machine.
  • Open the MBAR folder and paste the content of the following into your next reply:
  • mbar-log-{date} (xx-xx-xx).txt
  • system-log.txt


Step 6: Security Check Log.
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document

Step 7: Report
Tell me how the machine is performing, and if you need help performing any steps. Also post all requested logs.


#3 cloudhulse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 03:31 AM

Is this really the easiest way? It is 3:30 am and I've read Malwarebytes works for Pest Patrol and Revo for SlimCleaner. Not my computer and would rather not download an additional 5 programs.

#4 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:06:06 AM

Posted 03 February 2015 - 03:37 AM

These programs do not run unless you run them; they are portable applications, so there is no way they can slow the computer down. Installing and running them all should take about an hour total and you would be surprised what they might find.


Or just run one tool, although I would highly suggest running them all as there is no one click solution for malware......


Your choice....... you asked for help; I am offering a possible solution. :)

#5 cloudhulse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 04:29 AM

Ran revo to uninstall programs, then ran AdwCleaner and here is the log.
# AdwCleaner v4.109 - Report created 03/02/2015 at 04:22:16
# Updated 24/01/2015 by Xplode
# Database : 2015-02-02.1 [Live]
# Operating System : Windows Vista ™ Business Service Pack 2 (32 bits)
# Username : lynn - JCPLUMBING-PC
# Running from : C:\Users\lynn\adwcleaner_4.109.exe
# Option : Clean
***** [ Services ] *****
[#] Service Deleted : CouponAlert_2pService
[#] Service Deleted : {371bcf01-e691-44bf-9345-60788e5d16a5}Gt
[#] Service Deleted : {df8eec40-f909-439c-9ffe-3fee212f71b9}Gt
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\4ea149d2000058e6
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
Folder Deleted : C:\Program Files\comcasttb
Folder Deleted : C:\Program Files\DriverRestore
Folder Deleted : C:\Users\lynn\AppData\Local\Temp\apn
Folder Deleted : C:\Users\lynn\AppData\Local\Temp\Solution Real
Folder Deleted : C:\Users\lynn\AppData\Local\iac
Folder Deleted : C:\Users\lynn\AppData\LocalLow\iac
Folder Deleted : C:\Users\lynn\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\lynn\AppData\Roaming\UpdaterEX
File Deleted : C:\Windows\system32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gt.sys
File Deleted : C:\Windows\system32\drivers\{df8eec40-f909-439c-9ffe-3fee212f71b9}Gt.sys
File Deleted : C:\Users\lynn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speed browser.lnk
***** [ Scheduled Tasks ] *****
Task Deleted : UpdaterEX
Task Deleted : DriverRestore_ScheduledScan
Task Deleted : DriverRestore_DailyScan
Task Deleted : Super Optimizer Schedule
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\DriverRestore
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\xfin_portal
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\SpeedBrowser
Key Deleted : HKLM\SOFTWARE\DesktopTemperature
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Desktop Temperature Monitor
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16599
-\\ Google Chrome v40.0.2214.93
AdwCleaner[R0].txt - [7104 octets] - [03/02/2015 04:04:38]
AdwCleaner[S0].txt - [6734 octets] - [03/02/2015 04:22:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6794 octets] ##########
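
Added example, not part of the original posts: a short Python parser for the AdwCleaner clean-log format shown in this post. It groups the deleted items by section and picks out the ones that show how the adware was kept active (services, a kernel driver, scheduled tasks, a browser helper object, a proxy setting). The function names and category labels are assumptions of this example; the sample lines are a subset of the log as posted.

```python
import re

# Sample input: a subset of lines from the AdwCleaner log as posted in this thread.
SAMPLE_LOG = r"""# AdwCleaner v4.109 - Report created 03/02/2015 at 04:22:16
***** [ Services ] *****
[#] Service Deleted : CouponAlert_2pService
[#] Service Deleted : {371bcf01-e691-44bf-9345-60788e5d16a5}Gt
***** [ Files / Folders ] *****
Folder Deleted : C:\Users\lynn\AppData\Roaming\OpenCandy
File Deleted : C:\Windows\system32\drivers\{371bcf01-e691-44bf-9345-60788e5d16a5}Gt.sys
***** [ Scheduled Tasks ] *****
Task Deleted : UpdaterEX
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\InstallCore
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
# Only the "<Kind> Deleted : <target>" form seen in this log is handled.
ENTRY_RE = re.compile(r"^(?:\[#\] )?(\w+) Deleted : (.+)$")

def parse_adwcleaner(text):
    """Return {section: [(kind, target), ...]} in the order sections appear."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])  # keep empty sections visible
            continue
        entry = ENTRY_RE.match(line)
        if entry and current is not None:
            sections[current].append(entry.groups())
    return sections

def persistence_findings(sections):
    """Pick out removed items that start code automatically or alter proxy use."""
    findings = []
    for section, entries in sections.items():
        for _kind, target in entries:
            low = target.lower()
            if section == "Services":
                findings.append(("service", target))
            elif section == "Scheduled Tasks":
                findings.append(("scheduled task", target))
            elif low.endswith(".sys") and "\\system32\\drivers\\" in low:
                findings.append(("kernel driver", target))
            elif "\\browser helper objects\\" in low:
                findings.append(("browser helper object", target))
            elif "internet settings [proxy" in low:
                findings.append(("proxy setting", target))
    return findings

if __name__ == "__main__":
    for category, target in persistence_findings(parse_adwcleaner(SAMPLE_LOG)):
        print(f"{category:22} {target}")
```
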

#6 cloudhulse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 04:48 AM

About 5 min. ago a red pop-up with no name claimed my trial expired and wanted me to purchase the product, but I was too scared to click on it. Just continued with my process. Ran Junkware Removal:


Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows Vista ™ Business x86
Ran by lynn on Tue 02/03/2015 at  4:43:48.53
~~~ Services
Successfully stopped: [Service] antispywareservice 
Successfully deleted: [Service] antispywareservice 
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CouponAlert_2p.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CouponAlert_2p.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\InboxAce_1g.ToolbarProtector.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\YourTemplateFinder_br.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\YourTemplateFinder_br.ToolbarProtector.1
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\DRIVERRESTORE.EXE-2FA3C9B1.pf
Successfully deleted: [File] C:\Windows\prefetch\DRIVERRESTORE.EXE-A98F6212.pf
~~~ Folders
~~~ Event Viewer Logs were cleared
Scan was completed on Tue 02/03/2015 at  4:45:03.37
End of JRT log

#7 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:06:06 AM

Posted 03 February 2015 - 05:18 AM

Run the other scan; we will get to the root of this.

#8 cloudhulse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 06:09 AM

Here's the result of the last scan. I wanted to send you an image of the attachment of the pop-up, but couldn't figure it out. Oh well.
 Results of screen317's Security Check version 0.99.96  
 Windows Vista Service Pack 2 x86 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
  Java 64-bit 8 Update 31
 Adobe Flash Player  
 Adobe Reader 10.1.13 Adobe Reader out of Date!
 Google Chrome (40.0.2214.91) 
 Google Chrome (40.0.2214.93) 
````````Process Check: objlist.exe by Laurent````````
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 4 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Edited by cloudhulse, 03 February 2015 - 06:11 AM.

#9 cloudhulse

  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:06 AM

Posted 03 February 2015 - 09:43 AM

Figured it out, a program called genie-soft, supposedly not malicious. Thank you for your help anyway! What a mess this thing was last night. Glad I could get it cleaned up. Now to get some real work do

#10 InadequateInfirmity


    I Gots Me A Certified Edumication

  • Banned
  • 5,180 posts
  • Gender:Male
  • Local time:06:06 AM

Posted 03 February 2015 - 03:05 PM

If you wish to continue to clean up a bit more then see this,




Step 1: Malwarebytes Scan.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

  • Double-click mb3-setup-1878.1878- and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Copy and paste that saved log to your next reply.

Step 2: 9-Lab Scan
Download 9-Lab Removal Tool from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

Install the program onto your computer, then right click the icon and run as administrator.

Go to the Update tab and update the program.


Now go to the scanner tab and select Full Scan.


Upon Scan Completion Click Show Results.


Now click the Clean button.


Once done cleaning, you can go to the Logs tab, double click it, and copy and paste the log in your next reply.

Step 3: Eset Scan
Disable your antivirus prior to running this scan.
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.
  • NOTE:Sometimes if ESET finds no infections it will not create a log.

Step 4: Hitman Pro Scan
Download Zemana Cloud AntiMalware from one of the links below.

CLICK HERE to determine whether you're running 32-bit or 64-bit for Windows.

http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware.exe (32 bit)
http://dl9.zemana.com/download/Products/AntiMalware/Build192/ZemanaAntiMalware_x64.exe (64 bit)

Note: If you have used Hitman Pro in the past you will not be able to activate a free license for this product.

Save the file to your desktop.
Right Click and run as administrator.
Click Next to scan for malicious software.
Tick the box that reads "No I only want to perform a one time scan to check this computer".

Hit Next.


Upon scan completion, click on Save Log and save to your desktop. Hit Next to activate.


After you activate, remove malware and post the log created in your next reply.
